[  826.304977][T13449] br1: port 1(vx1) entered blocking state
[  826.305237][T13449] br1: port 1(vx1) entered disabled state
[  826.305422][T13449] vx1: entered allmulticast mode
[  826.308186][T13449] vx1: entered promiscuous mode
[  826.308923][T13449] br1: port 1(vx1) entered blocking state
[  826.309082][T13449] br1: port 1(vx1) entered forwarding state
[  826.343678][T13450] br1: port 2(veth1) entered blocking state
[  826.344013][T13450] br1: port 2(veth1) entered disabled state
[  826.344327][T13450] veth1: entered allmulticast mode
[  826.347150][T13450] veth1: entered promiscuous mode
[  826.399428][   T35] br1: port 2(veth1) entered blocking state
[  826.399764][   T35] br1: port 2(veth1) entered forwarding state
[  826.463306][T13453] br1: port 3(veth2) entered blocking state
[  826.463614][T13453] br1: port 3(veth2) entered disabled state
[  826.463947][T13453] veth2: entered allmulticast mode
[  826.466603][T13453] veth2: entered promiscuous mode
[  826.520180][   T35] br1: port 3(veth2) entered blocking state
[  826.520485][   T35] br1: port 3(veth2) entered forwarding state
[  827.797131][T13507] br2: port 1(w1) entered blocking state
[  827.797311][T13507] br2: port 1(w1) entered disabled state
[  827.797479][T13507] w1: entered allmulticast mode
[  827.798998][T13507] w1: entered promiscuous mode
[  827.969454][T13513] br2: port 2(vx2) entered blocking state
[  827.969725][T13513] br2: port 2(vx2) entered disabled state
[  827.969975][T13513] vx2: entered allmulticast mode
[  827.972991][T13513] vx2: entered promiscuous mode
[  827.973839][T13513] br2: port 2(vx2) entered blocking state
[  827.973998][T13513] br2: port 2(vx2) entered forwarding state
[  828.180133][   T37] br2: port 1(w1) entered blocking state
[  828.180361][   T37] br2: port 1(w1) entered forwarding state
[  828.905619][T13546] br2: port 1(w1) entered blocking state
[  828.905812][T13546] br2: port 1(w1) entered disabled state
[  828.905981][T13546] w1: entered allmulticast mode
[  828.907451][T13546] w1: entered promiscuous mode
[  829.066160][T13552] br2: port 2(vx2) entered blocking state
[  829.066343][T13552] br2: port 2(vx2) entered disabled state
[  829.066509][T13552] vx2: entered allmulticast mode
[  829.068033][T13552] vx2: entered promiscuous mode
[  829.068602][T13552] br2: port 2(vx2) entered blocking state
[  829.068764][T13552] br2: port 2(vx2) entered forwarding state
[  829.265563][   T35] br2: port 1(w1) entered blocking state
[  829.265759][   T35] br2: port 1(w1) entered forwarding state
[  880.147533][   T12] vx2: left allmulticast mode
[  880.147728][   T12] vx2: left promiscuous mode
[  880.147969][   T12] br2: port 2(vx2) entered disabled state
[  880.152198][   T12] w1: left allmulticast mode
[  880.152359][   T12] w1: left promiscuous mode
[  880.152585][   T12] br2: port 1(w1) entered disabled state
[  880.316643][   T12] ==================================================================
[  880.316856][   T12] BUG: KASAN: slab-use-after-free in idr_for_each+0x1c1/0x1f0
[  880.317042][   T12] Read of size 8 at addr ff1100000cc63878 by task kworker/u16:0/12
[  880.317226][   T12] 
[  880.317291][   T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.19.0-rc7-virtme #1 PREEMPT(full) 
[  880.317296][   T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  880.317299][   T12] Workqueue: netns cleanup_net
[  880.317306][   T12] Call Trace:
[  880.317308][   T12]  <TASK>
[  880.317311][   T12]  dump_stack_lvl+0x6f/0xa0
[  880.317318][   T12]  print_address_description.constprop.0+0x6e/0x300
[  880.317324][   T12]  print_report+0xfc/0x1fb
[  880.317326][   T12]  ? idr_for_each+0x1c1/0x1f0
[  880.317329][   T12]  ? __virt_addr_valid+0x1da/0x430
[  880.317335][   T12]  ? idr_for_each+0x1c1/0x1f0
[  880.317337][   T12]  kasan_report+0xe8/0x120
[  880.317342][   T12]  ? idr_for_each+0x1c1/0x1f0
[  880.317346][   T12]  ? rtnl_net_notifyid+0x1a0/0x1a0
[  880.317349][   T12]  idr_for_each+0x1c1/0x1f0
[  880.317352][   T12]  ? idr_find+0x70/0x70
[  880.317355][   T12]  ? __lock_release.isra.0+0x59/0x170
[  880.317359][   T12]  ? __up_write+0x283/0x4f0
[  880.317362][   T12]  ? cleanup_net+0x1f2/0x810
[  880.317366][   T12]  cleanup_net+0x260/0x810
[  880.317368][   T12]  ? lock_acquire.part.0+0xbc/0x260
[  880.317371][   T12]  ? process_one_work+0xd16/0x1390
[  880.317375][   T12]  ? net_passive_dec+0x190/0x190
[  880.317378][   T12]  ? rcu_is_watching+0x15/0xd0
[  880.317381][   T12]  ? process_one_work+0xd16/0x1390
[  880.317383][   T12]  ? lock_acquire+0x10a/0x150
[  880.317385][   T12]  ? rcu_is_watching+0x15/0xd0
[  880.317388][   T12]  process_one_work+0xd57/0x1390
[  880.317393][   T12]  ? pwq_dec_nr_in_flight+0x700/0x700
[  880.317395][   T12]  ? lock_acquire.part.0+0xbc/0x260
[  880.317400][   T12]  ? assign_work+0x152/0x380
[  880.317403][   T12]  worker_thread+0x4d6/0xd40
[  880.317408][   T12]  ? process_one_work+0x1390/0x1390
[  880.317410][   T12]  kthread+0x355/0x5b0
[  880.317413][   T12]  ? kthread_is_per_cpu+0xe0/0xe0
[  880.317415][   T12]  ? __lock_release.isra.0+0x59/0x170
[  880.317419][   T12]  ? rcu_is_watching+0x15/0xd0
[  880.317421][   T12]  ? kthread_is_per_cpu+0xe0/0xe0
[  880.317424][   T12]  ret_from_fork+0x3fb/0x510
[  880.317428][   T12]  ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[  880.317432][   T12]  ? __switch_to+0x53c/0xd00
[  880.317435][   T12]  ? kthread_is_per_cpu+0xe0/0xe0
[  880.317438][   T12]  ret_from_fork_asm+0x11/0x20
[  880.317445][   T12]  </TASK>
[  880.317446][   T12] 
[  880.322634][   T12] Allocated by task 13488:
[  880.322758][   T12]  kasan_save_stack+0x30/0x50
[  880.322888][   T12]  kasan_save_track+0x14/0x30
[  880.323009][   T12]  __kasan_slab_alloc+0x5f/0x70
[  880.323132][   T12]  kmem_cache_alloc_noprof+0x226/0x6e0
[  880.323261][   T12]  radix_tree_node_alloc.constprop.0+0x176/0x340
[  880.323413][   T12]  idr_get_free+0x326/0x840
[  880.323535][   T12]  idr_alloc_u32+0x14a/0x2e0
[  880.323657][   T12]  idr_alloc+0x7d/0xc0
[  880.323749][   T12]  peernet2id_alloc+0x22c/0x340
[  880.323868][   T12]  __dev_change_net_namespace+0x8e5/0x1980
[  880.324016][   T12]  do_setlink.isra.0+0x211/0x25d0
[  880.324138][   T12]  rtnl_newlink+0x75c/0xe90
[  880.324260][   T12]  rtnetlink_rcv_msg+0x6fe/0xb90
[  880.324380][   T12]  netlink_rcv_skb+0x123/0x380
[  880.324499][   T12]  netlink_unicast+0x4a3/0x770
[  880.324621][   T12]  netlink_sendmsg+0x735/0xc60
[  880.324746][   T12]  ____sys_sendmsg+0x419/0x850
[  880.324869][   T12]  ___sys_sendmsg+0xfd/0x180
[  880.324986][   T12]  __sys_sendmsg+0x124/0x1c0
[  880.325107][   T12]  do_syscall_64+0xbd/0xfc0
[  880.325234][   T12]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  880.325390][   T12] 
[  880.325454][   T12] Freed by task 12:
[  880.325545][   T12]  kasan_save_stack+0x30/0x50
[  880.325666][   T12]  kasan_save_track+0x14/0x30
[  880.325786][   T12]  kasan_save_free_info+0x3b/0x60
[  880.325906][   T12]  __kasan_slab_free+0x43/0x70
[  880.326028][   T12]  kmem_cache_free+0xfe/0x5e0
[  880.326150][   T12]  rcu_do_batch+0x28b/0xfe0
[  880.326274][   T12]  rcu_core+0x2b4/0x5f0
[  880.326366][   T12]  handle_softirqs+0x1d7/0x840
[  880.326490][   T12]  irq_exit_rcu+0xa2/0xf0
[  880.326578][   T12]  sysvec_apic_timer_interrupt+0x9d/0xe0
[  880.326704][   T12]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  880.326848][   T12] 
[  880.326910][   T12] Last potentially related work creation:
[  880.327031][   T12]  kasan_save_stack+0x30/0x50
[  880.327156][   T12]  kasan_record_aux_stack+0x8c/0xa0
[  880.327273][   T12]  __call_rcu_common.constprop.0+0xa6/0xa00
[  880.327422][   T12]  delete_node+0x198/0x810
[  880.327539][   T12]  radix_tree_delete_item+0xc5/0x1b0
[  880.327656][   T12]  unhash_nsid_callback+0xb4/0x100
[  880.327777][   T12]  idr_for_each+0x108/0x1f0
[  880.327902][   T12]  cleanup_net+0x260/0x810
[  880.328027][   T12]  process_one_work+0xd57/0x1390
[  880.328150][   T12]  worker_thread+0x4d6/0xd40
[  880.328280][   T12]  kthread+0x355/0x5b0
[  880.328367][   T12]  ret_from_fork+0x3fb/0x510
[  880.328495][   T12]  ret_from_fork_asm+0x11/0x20
[  880.328613][   T12] 
[  880.328678][   T12] The buggy address belongs to the object at ff1100000cc63848
[  880.328678][   T12]  which belongs to the cache radix_tree_node of size 576
[  880.328999][   T12] The buggy address is located 48 bytes inside of
[  880.328999][   T12]  freed 576-byte region [ff1100000cc63848, ff1100000cc63a88)
[  880.329287][   T12] 
[  880.329346][   T12] The buggy address belongs to the physical page:
[  880.329491][   T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000cc61c28 pfn:0xcc60
[  880.329734][   T12] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  880.329916][   T12] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  880.330071][   T12] page_type: f5(slab)
[  880.330172][   T12] raw: 0080000000000240 ff11000001043700 ffd4000000336710 ffd4000000332810
[  880.330389][   T12] raw: ff1100000cc61c28 0000000000160015 00000000f5000000 0000000000000000
[  880.330599][   T12] head: 0080000000000240 ff11000001043700 ffd4000000336710 ffd4000000332810
[  880.330814][   T12] head: ff1100000cc61c28 0000000000160015 00000000f5000000 0000000000000000
[  880.331024][   T12] head: 0080000000000002 ffd4000000331801 00000000ffffffff 00000000ffffffff
[  880.331240][   T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  880.331449][   T12] page dumped because: kasan: bad access detected
[  880.331597][   T12] 
[  880.331656][   T12] Memory state around the buggy address:
[  880.331773][   T12]  ff1100000cc63700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  880.331950][   T12]  ff1100000cc63780: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  880.332126][   T12] >ff1100000cc63800: fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[  880.332310][   T12]                                                                 ^
[  880.332486][   T12]  ff1100000cc63880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  880.332656][   T12]  ff1100000cc63900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  880.332832][   T12] ==================================================================
[  880.333104][   T12] Disabling lock debugging due to kernel taint
[  880.333749][   T12] vx2: left allmulticast mode
[  880.333887][   T12] vx2: left promiscuous mode
[  880.334136][   T12] br2: port 2(vx2) entered disabled state
[  880.335553][   T12] w1: left allmulticast mode
[  880.335696][   T12] w1: left promiscuous mode
[  880.337091][   T12] br2: port 1(w1) entered disabled state
[  880.731245][T13745] br1: port 3(veth2) entered disabled state
[  880.747255][T13746] veth2: left allmulticast mode
[  880.747411][T13746] veth2: left promiscuous mode
[  880.747621][T13746] br1: port 3(veth2) entered disabled state
[  880.777685][T13748] br1: port 2(veth1) entered disabled state
[  880.792049][T13749] veth1: left allmulticast mode
[  880.792160][T13749] veth1: left promiscuous mode
[  880.792328][T13749] br1: port 2(veth1) entered disabled state
[  880.804611][T13750] vx1: left allmulticast mode
[  880.804731][T13750] vx1: left promiscuous mode
[  880.804894][T13750] br1: port 1(vx1) entered disabled state